Microsoft Entra: Difference between revisions
From Planfix
| Line 38: | Line 38: | ||
|- | |- | ||
| Reply URL (Assertion Consumer Service URL) || <nowiki>https://{account_planfix_url}/saml2/sso/entra</nowiki> | | Reply URL (Assertion Consumer Service URL) || <nowiki>https://{account_planfix_url}/saml2/sso/entra</nowiki> | ||
|} | |||
*Save the settings. | |||
=== Steps in Planfix === | |||
*Return to Integrations — Single Sign-On. | |||
*In the '''Metadata URI''' field, enter the '''App Federation Metadata Url''' copied from the Entra application settings. | |||
*Save the changes. | |||
=== Assigning Users === | |||
*In the application settings, open the '''Users and groups''' section. | |||
*Add users or groups who need access to Planfix via SSO. | |||
=== Testing === | |||
*In the Single sign-on section of the application in Entra, click the '''Test''' button. | |||
*Make sure that redirection and authorization via Planfix work correctly. | |||
== SCIM Provisioning Setup == | |||
*In the Entra application, go to Provisioning — Provisioning. | |||
*In the '''Provisioning Mode''' field, select '''Automatic'''. | |||
*In the '''Admin Credentials''' section, specify: | |||
:{| class="wikitable" | |||
|- | |||
|'''Field''' || '''Value''' | |||
|- | |||
| Authentication Method || Bearer Authentication | |||
|- | |||
| Tenant URL || SCIM URL from Planfix settings | |||
|- | |||
| Secret Token || SCIM Token from Planfix settings | |||
|} | |} | ||
Revision as of 11:40, 3 October 2025
Integration with Microsoft Entra allows your company's employees to log in to Planfix and other services using a single password (Single Sign-On, or SSO). This increases convenience and security, and simplifies user account management.
Supported Features
- IdP-initiated login (SSO)
- SP-initiated login
- Just-In-Time (JIT) user creation
- SCIM Provisioning
SCIM Provisioning Features
- User creation
- User data update
- User deactivation
- User import
Setup Steps
Steps in Planfix
- Go to Account management — Integrations — Single Sign-On.
- Activate the integration with Microsoft Entra.
Steps in Microsoft Entra
- Create an Enterprise Application
- Open the Microsoft Entra console with an administrator account.
- Go to Applications — Enterprise applications.
- Click + New application — + Create your own application.
- Set a name, for example: Planfix Entra.
- In the assignment section, select:
Integrate any other application you don’t find in the gallery (Non-gallery)
- After creating the application, open its card.
- Configure SAML SSO
- In the application menu, open Single sign-on and select the SAML method.
- In the Basic SAML Configuration block, specify the following data:
Field Value Identifier (Entity ID) https://{account_planfix_url}/saml2/service-provider-metadata/entra Reply URL (Assertion Consumer Service URL) https://{account_planfix_url}/saml2/sso/entra
- Save the settings.
Steps in Planfix
- Return to Integrations — Single Sign-On.
- In the Metadata URI field, enter the App Federation Metadata Url copied from the Entra application settings.
- Save the changes.
Assigning Users
- In the application settings, open the Users and groups section.
- Add users or groups who need access to Planfix via SSO.
Testing
- In the Single sign-on section of the application in Entra, click the Test button.
- Make sure that redirection and authorization via Planfix work correctly.
SCIM Provisioning Setup
- In the Entra application, go to Provisioning — Provisioning.
- In the Provisioning Mode field, select Automatic.
- In the Admin Credentials section, specify:
Field Value Authentication Method Bearer Authentication Tenant URL SCIM URL from Planfix settings Secret Token SCIM Token from Planfix settings